AWS SecurityGroupのcsv化のメモ
Outboundは途中だけど、忘れるので残しておく。
キモは、配列からオブジェクト化
これに悩んで1年たった。
シェル(コマンド)
sg.sh
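# Snapshot every security group visible to the current credentials/region.
# --output json keeps the jq exporters below working even when the CLI
# profile defaults to text/table output. The redirection truncates "sg"
# before aws runs, so on failure stop here instead of letting the exporters
# silently read an empty or partial file.
aws ec2 describe-security-groups --output json > sg || {
  printf 'describe-security-groups failed; "sg" may be empty or truncated\n' >&2
  exit 1
}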
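#######################################
# Inbound rules whose source is an IPv4 CIDR, one CSV row per (rule, CidrIp):
# GroupId, "inbound", IpProtocol, FromPort, ToPort, CidrIp, Description.
# Rules with no IpRanges entry yield no row; null fields (e.g. the ports of
# an all-traffic "-1" rule, or a missing Description) come out empty.
# Ipv6Ranges are not covered by this exporter.
# Arguments: $1 - path to the describe-security-groups JSON (default: sg)
# Outputs:   CSV rows on stdout
# Returns:   jq's exit status (non-zero if the file is missing or not JSON)
#######################################
_IpPermissions-IpRanges(){
  local src=${1:-sg}
  # Key trick: an object whose value is a generator (.IpPermissions[]) fans
  # one group out into one object per rule; the second stage repeats it
  # for IpRanges[]. "// []" tolerates a group/rule without that array.
  jq -r '.SecurityGroups[] |
    {
      GroupName,
      GroupId,
      IpPermissions: (.IpPermissions // [])[]
    } |
    {
      GroupName,
      GroupId,
      IpProtocol: .IpPermissions.IpProtocol,
      FromPort: .IpPermissions.FromPort,
      ToPort: .IpPermissions.ToPort,
      IpRanges: (.IpPermissions.IpRanges // [])[]
    } |
    [
      .GroupId,
      "inbound",
      .IpProtocol,
      .FromPort, .ToPort,
      .IpRanges.CidrIp,
      .IpRanges.Description
    ] | @csv' "$src"
}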
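#######################################
# Inbound rules whose source is another security group, one CSV row per
# (rule, pair): GroupId, "inbound", IpProtocol, FromPort, ToPort,
# "UserId/GroupId" of the referenced group, Description.
# Rules with no UserIdGroupPairs entry yield no row; null fields come out
# empty (a null UserId leaves just "/GroupId", since null + string = string).
# Arguments: $1 - path to the describe-security-groups JSON (default: sg)
# Outputs:   CSV rows on stdout
# Returns:   jq's exit status (non-zero if the file is missing or not JSON)
#######################################
_IpPermissions-UserIdGroupPairs(){
  local src=${1:-sg}
  # Same fan-out as the other exporters: a generator inside an object
  # produces one object per rule, then one per referenced group.
  jq -r '.SecurityGroups[] |
    {
      GroupName,
      GroupId,
      IpPermissions: (.IpPermissions // [])[]
    } |
    {
      GroupName,
      GroupId,
      IpProtocol: .IpPermissions.IpProtocol,
      FromPort: .IpPermissions.FromPort,
      ToPort: .IpPermissions.ToPort,
      UserIdGroupPairs: (.IpPermissions.UserIdGroupPairs // [])[]
    } |
    [
      .GroupId,
      "inbound",
      .IpProtocol,
      .FromPort, .ToPort,
      .UserIdGroupPairs.UserId
        + "/" +
        .UserIdGroupPairs.GroupId,
      .UserIdGroupPairs.Description
    ] | @csv' "$src"
}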
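#######################################
# Inbound rules whose source is a managed prefix list, one CSV row per
# (rule, prefix list): GroupId, "inbound", IpProtocol, FromPort, ToPort,
# PrefixListId, Description. Rules with no PrefixListIds entry yield no
# row; null fields come out empty.
# Arguments: $1 - path to the describe-security-groups JSON (default: sg)
# Outputs:   CSV rows on stdout
# Returns:   jq's exit status (non-zero if the file is missing or not JSON)
#######################################
_IpPermissions-PrefixListIds(){
  local src=${1:-sg}
  # Generator-in-object fan-out: one object per rule, then one per prefix list.
  jq -r '.SecurityGroups[] |
    {
      GroupName,
      GroupId,
      IpPermissions: (.IpPermissions // [])[]
    } |
    {
      GroupName,
      GroupId,
      IpProtocol: .IpPermissions.IpProtocol,
      FromPort: .IpPermissions.FromPort,
      ToPort: .IpPermissions.ToPort,
      PrefixListIds: (.IpPermissions.PrefixListIds // [])[]
    } |
    [
      .GroupId,
      "inbound",
      .IpProtocol,
      .FromPort, .ToPort,
      .PrefixListIds.PrefixListId,
      .PrefixListIds.Description
    ] | @csv' "$src"
}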
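#######################################
# Outbound rules whose destination is an IPv4 CIDR, one CSV row per
# (rule, CidrIp): GroupId, "outbound", IpProtocol, FromPort, ToPort,
# CidrIp, Description. Rules with no IpRanges entry yield no row; null
# fields (ports of an all-traffic "-1" rule, missing Description) come out
# empty. Outbound UserIdGroupPairs/PrefixListIds and Ipv6Ranges are not
# covered by this exporter.
# Arguments: $1 - path to the describe-security-groups JSON (default: sg)
# Outputs:   CSV rows on stdout
# Returns:   jq's exit status (non-zero if the file is missing or not JSON)
#######################################
_IpPermissionsEgress-IpRanges(){
  local src=${1:-sg}
  # Identical shape to _IpPermissions-IpRanges, reading IpPermissionsEgress.
  jq -r '.SecurityGroups[] |
    {
      GroupName,
      GroupId,
      IpPermissionsEgress: (.IpPermissionsEgress // [])[]
    } |
    {
      GroupName,
      GroupId,
      IpProtocol: .IpPermissionsEgress.IpProtocol,
      FromPort: .IpPermissionsEgress.FromPort,
      ToPort: .IpPermissionsEgress.ToPort,
      IpRanges: (.IpPermissionsEgress.IpRanges // [])[]
    } |
    [
      .GroupId,
      "outbound",
      .IpProtocol,
      .FromPort, .ToPort,
      .IpRanges.CidrIp,
      .IpRanges.Description
    ] | @csv' "$src"
}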
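#######################################
# Run every exporter this memo implements, inbound first, then outbound.
# Not yet exported: inbound/outbound Ipv6Ranges and the outbound
# UserIdGroupPairs/PrefixListIds, so a review of this CSV alone can miss
# such rules.
# Arguments: $@ - forwarded unchanged to each exporter
# Outputs:   concatenated CSV rows on stdout
#######################################
_SG(){
  _IpPermissions-IpRanges "$@"
  _IpPermissions-UserIdGroupPairs "$@"
  _IpPermissions-PrefixListIds "$@"
  _IpPermissionsEgress-IpRanges "$@"
}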
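# Print the combined CSV, replacing empty fields with "-" so the ports of an
# all-traffic "-1" rule read as "-,-" instead of ",,". Two passes are
# required: in ",,," the first substitution consumes two commas and leaves
# ",-,," behind, which only the second pass turns into ",-,-,".
_SG "$@" | sed -e 's/,,/,-,/g' -e 's/,,/,-,/g'
exit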
実行結果
[root@ip-192-168-0-58 ec2-user]# bash sh_sg.sh
"sg-00363b7e1c868e39d","inbound","tcp",22,22,"0.0.0.0/0",""
"sg-024e50824692ddaed","inbound","tcp",22,22,"0.0.0.0/0",""
"sg-03fa766b4e6bf6dd9","inbound","tcp",22,22,"0.0.0.0/0",
"sg-08649cd4d367766a5","inbound","-1",-,-,"0.0.0.0/0",
"sg-0a14097162ef9b499","inbound","tcp",0,65535,"172.26.1.0/24",
"sg-0c1cf5220455208ce","inbound","-1",-,-,"172.26.1.0/24",
"sg-0c1cf5220455208ce","inbound","tcp",22,22,"192.168.0.1/32",
"sg-0c1cf5220455208ce","inbound","tcp",22,22,"192.168.0.2/32",
"sg-0c1cf5220455208ce","inbound","tcp",22,22,"192.168.0.3/32",
"sg-0c1cf5220455208ce","inbound","tcp",244,255,"192.168.0.1/32",
"sg-0c1cf5220455208ce","inbound","tcp",0,65535,"273384484291/sg-0a14097162ef9b499","sg2"
"sg-0c1cf5220455208ce","inbound","tcp",0,65535,"pl-61a54008",
"sg-00363b7e1c868e39d","outbound","-1",-,-,"0.0.0.0/0",
"sg-024e50824692ddaed","outbound","-1",-,-,"0.0.0.0/0",
"sg-03fa766b4e6bf6dd9","outbound","-1",-,-,"0.0.0.0/0",
"sg-08649cd4d367766a5","outbound","-1",-,-,"0.0.0.0/0",
"sg-0a14097162ef9b499","outbound","-1",-,-,"0.0.0.0/0",
"sg-0c1cf5220455208ce","outbound","-1",-,-,"0.0.0.0/0",
[root@ip-192-168-0-58 ec2-user]#
■参考サイト
https://teratail.com/questions/312929#reply-440621
https://qiita.com/sotoiwa/items/431358283dee00eb6f46
https://jupitrisonlabs.hatenadiary.jp/entry/20151127/1448606090